Marital affair website demonstrates new dimensions of personal data risk
Cyber risk for most organizations has a focus on the personal data of customers. Primarily this means social security numbers, date of birth, address, credit card numbers and the like. All of that is bad enough when lost in connection with a data breach, but companies must now also be aware of growing threats of cyber extortion schemes.
The recent announcement that Ashley Madison, the marital-affair-promoting website, has been hacked and subject to extortion takes these problems to a new level. Disapproving hackers have told Ashley Madison to shut down the site or the extortionists will release customer data. Reports say that despite Ashley Madison’s policy that private data can be scrubbed from the site for $19, the data is still available to hackers. The motives of the hackers are still unclear, but what is unusual is that it is not a demand for money.
The owner of a website like Ashley Madison has, of course, a huge liability exposure. With 37 million users, how many wrecked marriages might result from the release of the data? And what is the liability cost of Ashley Madison for each wrecked marriage, $1 MM? More? Might there be liability for other social or professional challenges their users may face if their personal data and membership information is disseminated? The cyber insurance implications for Ashley Madison are overwhelming. Are there enough insurance limits available to cover the seemingly astronomical exposure from claims that are brought by its members? Is cyber extortion coverage properly structured to be triggered when a demand is not focused on money or property?
While “traditional” internet brands don’t necessarily have the exposure of a company that promotes infidelity, Ashley Madison’s predicament highlights the need to very carefully think about cyber risk and cyber insurance. All I know is that I am thankful that I am not a user since the line for compensation will be so long that there is no chance that Ashley Madison will have enough insurance to pay all of those settlements. Another reason to think through all of your risk exposures and limits calculations in the cyber jungle of today.
About the Author
Phil Edmundson is the Chairman and CEO of WGA, insurance brokers and consultants for businesses, with over 30 years in the insurance industry. He manages strategy, talent acquisition and development, and management / acquisitions at WGA.